b'Annual Report, \xe2\x80\x9cFederal Information Security Management Act: Fiscal Year 2006 Report\nfrom the Office of Inspector General\xe2\x80\x9d (IG-06-021, September 28, 2006)\n\nThis annual report, submitted as a memorandum from the Inspector General to the NASA\nAdministrator, provides the Office of Management and Budget (OMB) with our\nindependent assessment of NASA\xe2\x80\x99s information technology (IT) security posture. We\nrecommended that NASA identify its IT security program as a material weakness\nreportable in accordance with the Federal Managers\xe2\x80\x99 Financial Integrity Act. We made\nthat recommendation because of IT security weaknesses that we identified during this\nfiscal year, many of which were similar to those we identified in previous years.\nExamples of recurring weaknesses included patch management, monitoring of critical\nsystem activities, backup of systems, and certification of IT systems. In addition, several\nNASA Centers have experienced recent IT security incidents, which the NASA Office of\nInspector General is currently investigating. Although our audit and investigation work\nreflects challenges to and recurring weaknesses in NASA\xe2\x80\x99s IT security program, the\nAgency has taken steps to bolster its IT security defenses during FY 2006 and has also\nlaunched several strategic initiatives to improve its IT security. In addition, the Agency\nhas mandated a comprehensive, NASA-wide IT security review that should result in\nrecommendations that, if implemented, will improve the Agency\xe2\x80\x99s IT security posture.\n\nThe OMB\xe2\x80\x99s FY 2006 Report to Congress on Implementation of The Federal Information\nSecurity Management Act of 2002 includes information provided by our report.\nHowever, as an \xe2\x80\x9cIntra-Agency Memorandum,\xe2\x80\x9d our report is considered exempt from\nrelease under the Freedom of Information Act (FOIA); it also contains NASA Information\nTechnology/Internal Systems Data that is not routinely released under FOIA. To submit\na FOIA request, see the online guide.\n\x0c'